[nycbug-talk] BSD Chapter in HLE
Dru
dlavigne6 at sympatico.ca
Fri Sep 15 18:24:28 EDT 2006
On Fri, 15 Sep 2006, Ray Lai wrote:
>> My question to the list is: is this draft missing any features which
>> should be mentioned? Should I mention the ability to strip kernels and
>> build world/build.sh?
>
> I don't see how stripping kernels is a feature, since it is helpful to
> debug kernel panics. make build is a nice and easy way to keep your
> system up to date. Just cvs up or apply patches, make build, and go to
> sleep.
Which is why I asked ;-) This list is chock-full of admins/security folks,
what are your best practices for preparing production systems? I can set up
this portion of the chapter to show the flexibility/differing philosophies
and capabilities of the various BSDs while showing how the tools are
available to easily create a secure production system suited to an org's
specific requirements.
Myself, I always cvsup, build world and strip custom kernel on FreeBSD
systems. OpenBSD systems I leave the world/kernel as-is.
>> What about OpenBSD propolice?
>
> It would be nice to describe some of these security enhancements in
> depth (more in depth than Theo's slides, less in depth than the author's
> web pages).
Anyone aware of a succinct, easy to read paragraph or two or have the time
to contribute one for propolice?
>> What about Coverity
>> audits being integrated into engineering processes?
>
> Coverity is a nice tool, but its suggested fixes should not be committed
> wholesale without checking if they are correct. This is true for just
> about every other tool. Don't overlook lint, either. Chad Loder has
> been improving our lint to quiet it down and to concentrate on real
> issues. It is pretty useful to run these tools on the source code and
> look carefully at areas they point out, concentrating on new findings.
> Be careful not to change code just to silence the tools, however; this
> can introduce bugs or silence legitimate ones.
I'd like to stress the quality of code and the release engineering, commit
bit processes as this is a big difference between the BSDs and Linux. I'm
also not a committer so it would be interesting to have a paragraph or so
from each project explaining how their processes promote secure and
quality code.
> I'd like to mention that the GENERIC kernel has all the usable devices
> enabled by default, so users don't need to configure and recompile
> anything to get their devices working. The less there is to configure,
> the less chances users have of messing up.
Good point.
>> - blowfish support
>
> Be sure to mention the techniques described in "Future-Adaptable
> Password Scheme", by Niels Provos and David Mazieres.
I will look this up.
> vnconfig(8) supports encrypted filesystem images. Also, encrypted swap
> is enabled by default.
Knew I forgot one...
> pfsync and CARP allow firewalls to be upgraded without having downtime.
Good point.
> Redirect mail sent from Windows and Linux machines to spamd(8) works
> wonders, I hear.
Should add spamd as well.
> We strive to have correct, up-to-date, and useful manuals, so please
> don't ignore them! For more extensive coverage of certain topics, the
> FAQ is useful as well.
Yes, links to online manpages are good, as well as the FAQs.
Good stuff.
Dru